[ https://issues.apache.org/jira/browse/YARN-2676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Zhijie Shen updated YARN-2676: ------------------------------ Attachment: YARN-2676.1.patch Upload a working in progress patch: 1. Server side: make TimelineAuthenticationFilter extend the common DelegationTokenAuthenticationFilter and use the related common stuff. 2. Client side: make TimelineClientImpl use the DelegationTokenAuthenticatedURL and DelegationTokenAuthenticator, which will fail back to pseduo/kerberos authenticator if DT is not there. 3. Client side: make TimelineClientImpl be friendly to proxy user. Will execute the http request with real user with the proxy user set as the "doAs" user. 4. Cleanup the unnecessary code, which we used to duplicate for timeline security. It is worth mentioning that new http authentication request and response is not going to be compatible with the prior one. It's difficult to be compatible at http level, because both header and body are almost different in format. However, at the point of view of timeline client, the change should be transparent. > Timeline authentication filter should add support for proxy user > ---------------------------------------------------------------- > > Key: YARN-2676 > URL: https://issues.apache.org/jira/browse/YARN-2676 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelineserver > Reporter: Zhijie Shen > Assignee: Zhijie Shen > Attachments: YARN-2676.1.patch > > -- This message was sent by Atlassian JIRA (v6.3.4#6332)